Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
China Encryption Government Security Politics

Tech Companies Worried Over China's New Rules For Selling To Banks 127

An anonymous reader writes: China is putting into place a new set of regulations for how banks interact with technology, and it has many companies worried. While the rules might enhance security for the Chinese government, they devastate it for everyone else. For example, not only will China require that companies turn over source code for any software sold to banks, the companies building the software (and hardware) must also build back doors into their systems. The bad news for us is that most companies can't afford to simply refuse the rules and write China off. Tech industry spending is estimated to reach $465 billion in 2015, and it's projected for a huge amount of growth.
This discussion has been archived. No new comments can be posted.

Tech Companies Worried Over China's New Rules For Selling To Banks

Comments Filter:
  • Painted target (Score:5, Insightful)

    by reanjr ( 588767 ) on Friday January 30, 2015 @11:08AM (#48940199) Homepage

    Those Chinese banks are going to be the target of a huge amount of hacking. It's like an invitation. We've built a way for you to take over our system. Please try and find it.

    • Re:Painted target (Score:4, Insightful)

      by Altus ( 1034 ) on Friday January 30, 2015 @11:18AM (#48940291) Homepage

      do you really think that the banks in the rest of the world wont have the same back doors? Even if they don't, any flaws they do have will be exposed to whomever gets their hands on the source provided to the Chinese (here is a hint, most of those people are probably not going to responsibly report the flaws so this is not a case of many eyes resulting in more secure code, but a few eyes finding ways to compromise code).

      I know the article says that these companies can't afford to ignore china, but really, if they all got together and said no, could china really afford that? They could always make their own banking software I suppose. Why don't we let them?

      • Re:Painted target (Score:5, Insightful)

        by Captain Splendid ( 673276 ) <capsplendid@gm[ ].com ['ail' in gap]> on Friday January 30, 2015 @11:32AM (#48940417) Homepage Journal
        I know the article says that these companies can't afford to ignore china

        Well, big companies, like MS, Apple, Oracle, etc.

        When you run a small (or more local) business, one of the nice things is being able to avoid certain markets and customers. In fact, unless your future growth (and corresponding funding) aren't a lock, you have to avoid them because all they'll do is destroy your business.

        So if the big boys have to jump through ridiculous hoops in order to keep those profit margins sky-high, fuck 'em. That's how the game works.
        • Re:Painted target (Score:4, Insightful)

          by hodet ( 620484 ) on Friday January 30, 2015 @11:51AM (#48940589)

          Ahh....thank you. A thousand times this. They could always....say no!

          • Precisely!!! The Microsofts, Apples & Oracles - they could remain profitable in the rest of the world, and just not report the sort of growth daytraders want. Leave out China, and let them decide what software their banks should use.

            Funny thing here - all the tinfoil posts about Snowden & NSA and big government getting our private data and being able to access our bank accounts - all of that here is actually true about China, which nobody can boycott

            • by plopez ( 54068 )

              "The Microsofts, Apples & Oracles - they could remain profitable in the rest of the world, and just not report the sort of growth daytraders want."

              And risk lawsuits, shareholders jumping ship, etc. No, the way the system is set up they would have to make a deal with The Devil (and have over the years in the form of Marcos, Hitler, the Argentinian Junta, South Africa under Apartheid etc.) to fulfill their corporate obligations. That is one of several things thing which makes the corporate system inherent

              • That is one of several things thing which makes the corporate system inherently evil.

                I'd have gone for "amoral" personally. Public companies are structured to chase profit above all else, not to deliberately pursue evil.

                • by Anonymous Coward

                  If it costs one million dollars to assassinate a person, their family, and their pet dog, or ten million dollars to settle a lawsuit with them out of court, a corporate system that values profit above all else will choose to assassinate that person, their family, and their pet dog.

                  • Isn't that the point of driverless cars? Providing plausible deniability for road based bumping off of annoyances?

              • "The Microsofts, Apples & Oracles - they could remain profitable in the rest of the world, and just not report the sort of growth daytraders want."

                And risk lawsuits, shareholders jumping ship, etc.

                Probably not. Google doesn't play with the Chinese Government - and it's one of the reasons it's such a pain to use any of their properties/sites in China. No shareholder revolt over that. It's not the corporate system that is inherently evil - it is the people at the top that tend to put their own personal gain over that of the corporation who are evil.

          • Ahh....thank you. A thousand times this. They could always....say no!

            Wow. Reagan's meme. I wonder what he would have said.

        • by jythie ( 914043 )
          That can be a bit of a toss up. It could be argued that small businesses are even more vulnerable to stuff like this since they tend to not be diversified enough to lose significant chunks of their customer base. Any effect on them is either going to be negligible or disastrous, with much less room for a graceful decline in sales.
        • Libraries and library systems are a major, long-term target of the security services and politicians. Those guys want to know if you read "Steal This Book", or in an older age, "Lady Chatterly's Lover", so they can blackmail you. The library community soon learned that it was smart to meet the most stringent privacy standards set by law. After all, you also can't afford to cheese off Germany and the EU and get tossed out of their market.

          Countries who would prefer to have back-doors have a hard time ma

      • Yes I really think that. Now you.

      • Re: (Score:2, Insightful)

        by s.petry ( 762400 )

        I know the article says that these companies can't afford to ignore china, but really, if they all got together and said no, could china really afford that? They could always make their own banking software I suppose. Why don't we let them?

        Because globalization is the directive, and you can't think this way and be a globalist.

        I'm with you, in a free market that is how it should be. China does not have to use banking software developed in the US, they can develop their own. Amaze us with the success of your communism and it's ability to generate educated and innovative people. China used to be very innovative, but more recently they can only copy (aka steal) other people's innovations.

        And don't worry, the US is heading down the same path wi

        • Re:Painted target (Score:5, Insightful)

          by gstoddart ( 321705 ) on Friday January 30, 2015 @11:47AM (#48940561) Homepage

          Because globalization is the directive, and you can't think this way and be a globalist.

          And what evidence do we have the globalization helps anybody except corporations who fuck the rest of us over in the process?

          Everybody acts like globalization is a good thing ... and unless you're a multinational corporation, I have yet to be convinced that's true.

          H1B visas are just large corporations cheating the system by bringing in cheaper labor from other countries.

          I'm of the opinion that globalization is a crock, championed by those who make money from it, and which comes at the expense of everybody else.

          • Re:Painted target (Score:4, Interesting)

            by Bob the Super Hamste ( 1152367 ) on Friday January 30, 2015 @02:23PM (#48941757) Homepage
            Hey not all globalization is bad. I personally like German cars, Swiss mechanical watch movement, French cheese and digestifs, Indian silk rugs, British TV, Swedish tools, Japanese and Korean electronics, Dutch toys, large Nepali knives, and Canadian winter boots. What I don't like is the race to the bottom type of globalization that seems to be happening with cheap crap products made to increase profits and would prefer globalization where it is a race to the top in quality.

            I don't like what I have seen with the quality going down on what once were great things because someone thought they could save a few cents per item by shipping manufacturing overseas. For example when I looked at small wire feed welders there were a bunch of highly questionable cut every corner ones around the $100 price point and in researching them they might work out of the box for some definitions of work and would likely fail in fairly short order all of which were made in China. From there to the one I got there was nothing but I ended up getting the smallest Hobart that while they cut corners (no thermal switch for the fan so it run all the time and the gas kit was separate but could be added if you didn't want to use flux core wire) it cost ~$270 on sale but came with a great warranty, was made in the US, is heavy as hell, and worked out of the box flawlessly for years.
          • by s.petry ( 762400 )

            And what evidence do we have the globalization helps anybody except corporations who fuck the rest of us over in the process?

            There is no such evidence, and I did not intend to imply that I agreed with the politics at hand. I was merely pointing out that this _IS_ the politics at hand.

            I don't agree that Globalization is a crock, the problem is with it's implementation. For example: There is a huge problem with wealth disparity (globally), much worse than the issues we see in the US/West. If we are going to make a global republic system, precursors and checks have to be put in place first. People with money instead are jumping

          • It's the price we pay to prevent WWIII. We're going to pay either way. You say it's not worth it.

            I say the jury is still out. The globalists attempt to ride that fine line of draining our wealth out to them, just enough, but not too much at once.

            China is getting out of hand. $100+ per barrel of oil kept them down a bit, but then the Russians start getting out of hand. We can take it (barely), but they (the globalists) are hurting Europe a bit more than they'd like. It's a complicated game. Let's suck some w

          • "Everybody acts like globalization is a good thing"

            Blind nationalism is just as bad, to be honest. I've lived in a country with protectionist tariff barriers against "foreign stuff" and the damage it did to the economy and the national way of thinking is still being undone 30+ years after the barriers came down.

            The biggest issue with globalisation is the rampaging tax avoidance which is coming with it and that could/should be dealt with fairly easily if politicians weren't so easily paid off.

        • by jythie ( 914043 )
          The crux is 'all get together'. If you have X companies in the market and all but one say 'no', that one just got a lot richer, even if unity would have benefited everyone.
          • Re: (Score:3, Interesting)

            ...until the point where that one company has its software totally pwned, all source code released to the public, and an overproportionate number of security holes and backdoors found.

            Suddenly, they're an industry pariah, not just because they were a scab, but because nobody can trust their prioduct anymore. The short term profit is not sustainable.

            • by nobuddy ( 952985 )

              I'd say write it from scratch and sell it to the Chinese, back door included, then release the source to the public.

          • by nobuddy ( 952985 )

            This is the conundrup inherent in many fields.
            I took time off from IT to drive a truck. People complained that shipping prices have been stagnant since the 80's while the cost of operating has gone through the roof. And this is true.
            the solution is simple, and impossible. "Don't take cheap freight". If everyone refused to take cheap freight the prices would have to rise. There are about 4 million trucks on the road. All it takes is one to accept that cheap freight when the other 3,999,999 refused it to ruin

        • by dj245 ( 732906 )

          Because globalization is the directive, and you can't think this way and be a globalist.

          I'm with you, in a free market that is how it should be. China does not have to use banking software developed in the US, they can develop their own. Amaze us with the success of your communism and it's ability to generate educated and innovative people. China used to be very innovative, but more recently they can only copy (aka steal) other people's innovations.

          You seem to be equating these problems to a communist system of government. There are two problems with that-
          1. Chinese hasn't been communist for a long time.
          2. Communism isn't the kind of government that jumps to mind at wanting to stick backdoors in everything, Fascism is.

          • by s.petry ( 762400 )

            This [wikipedia.org] says you are wrong. You are probably making the mistake of confusing Marxist Communism (USSR form of Communism) with Chinese communism, which used to be a sore spot between those 2 nations. Perhaps confused with their use of "Republic" in the name of their nation, I don't know.

            I'll also disagree with your 2nd point, because the type of government has little to do with the type of government. It has more to do with both expansion and level of freedom.

      • ... if they all got together and said no, could china really afford that?

        Prisoner's Dilemma:
        http://en.wikipedia.org/wiki/P... [wikipedia.org]

      • It's one thing not to sell in China, but what if the government cracked down on production? Pretty much every hardware company could lose their production instantly.

      • do you really think that the banks in the rest of the world wont have the same back doors? Even if they don't, any flaws they do have will be exposed to whomever gets their hands on the source provided to the Chinese (here is a hint, most of those people are probably not going to responsibly report the flaws so this is not a case of many eyes resulting in more secure code, but a few eyes finding ways to compromise code).

        I know the article says that these companies can't afford to ignore china, but really, if they all got together and said no, could china really afford that? They could always make their own banking software I suppose. Why don't we let them?

        Banks in every country have standard software to run the application, but then a myriad of little extraction programs to provide all kinds of analysis, from trending, use of SWIFT, anomalies in behaviour (large deposits or transfers).
        There are two users for those reports. One is the bank.

  • by sinij ( 911942 ) on Friday January 30, 2015 @11:11AM (#48940225)
    No additional development is required, just reuse the code that was written for NSA backdoors.
  • by Anonymous Coward

    US banks say "there is no backdoor" while waving their Jedi arms over our heads.

  • by Anonymous Coward

    Now when I want to open an account at a bank, I'll have to ask them if their bank software vendor has or has planned to do business in China.

    Hands up, everyone who thinks the software developers are going to go through the trouble of developing two separate applications.

    • Hands up, everyone who thinks the software developers are going to go through the trouble of developing two separate applications.

      I think they aren't even going to develop one. Many banks are still running Cobol applications written in the 60's and 70's.

  • by houghi ( 78078 ) on Friday January 30, 2015 @11:13AM (#48940245)

    This is what you get for spying on each and everybody and infiltrating everything. So now they distrust everybody and (rightfully) are asking for the source.

    The result will be that they then will have the source and will do their own improvement and not coming back for more. This basically means that they can do one more deal by selling the software and then they will start selling the software themselves (including the backdoors)

    So the wise thing would be NOT to sell anything. However if just one company will sell, they are all lost.

    I am not even worried about the backdoor, because that was in there already.

    The next will be that they ask the source code for other software as well (Microsoft anybody?)

    • by aliquis ( 678370 )

      Then again if the companies adapt to the situation and just accept open-source code was it really bad? =P

      Give them the code under GPL.

      • Then again if the companies adapt to the situation and just accept open-source code was it really bad? =P

        Give them the code under GPL.

        Yes, because China has such a WONDERFUL legacy of recognizing and abiding by International intellectual property rights treaties - the GPL will show them!

    • More like, if one (Western) company sells, that company is lost. Because they will have to give away their source code knowing that any guarantees about it being kept private will mean exactly nothing, and might as well put it up on their web site. So unless they are already open source and live off of providing services, that will be the end of them.

    • So China asking for backdoors to banks operating within the People's Republic is b'cos of the NSA! Reason that the Chinese government distrusts everybody is b'cos they are a Communist government. Yeah, they've made the economy itself not just capitalistic, but feudal, but at the government level, it's one that just can't let go of its iron grip on power.
  • Refuse and have the rest of us as your costumers.

    Just tell me whom to trust and whom to not.

    • by Qzukk ( 229616 )

      Just tell me whom to trust and whom to not.

      "Trust us"

    • Re:Sure they can (Score:5, Insightful)

      by gstoddart ( 321705 ) on Friday January 30, 2015 @11:29AM (#48940393) Homepage

      Easy answer: don't trust any of them.

      You'll be far less disappointed by assuming all corporations and government are lying, self-serving bastards who don't give a fuck about you, and will happily climb over you to get what they want.

      It's probably not far from the truth.

    • "The rest of us" boils down to the 1% that gives a shit. The other 99% will just pick the cheapest solution, no matter what the consequences might be.
    • "TRUST NO ONE"

    • Now when someone had modded it up I saw my regular mistake.

      Customers.

      I guess it's fairly obvious what I mean but it's such a shitty mistake but since I've always written it wrong.

      Also there's also been the word consumers which I've wondered if the one above even existed.

      Damnit. Couldn't they let consumers and customers start in the same way? Cunsomers? ;D

      Sorry the Internet! Maybe it's all your fault for not letting the Nazis win! Kundschaft and Kostüm. That's more like it for a Swede!

  • I don't get it (Score:5, Interesting)

    by oodaloop ( 1229816 ) on Friday January 30, 2015 @11:16AM (#48940265)
    They want the source code and backdoors written in? Why not write your own backdoors?
  • Now that we know how YOU do things we can steal what we want from the code giving ourselves a boost, and hand off the code to our military cyber warfare equivalent and figure out how to fuck your banks/stock market/whatever else we can get in to. Sounds like we'll be selling the rope to get hung by to me.

  • Then the US at least should enact a law saying that US banks can only use any software with source released to Chinese authorities when that source has been released to the public, and that there can be no backdoors whatsoever, and that they can only enter into transactions with banks using software without backdoors. Yeah, right, I can see the NSA going along with that...
  • I'm sorry ... (Score:5, Insightful)

    by gstoddart ( 321705 ) on Friday January 30, 2015 @11:21AM (#48940315) Homepage

    Sorry, but am I meant to believe the US government doesn't also insist on backdoors?

    Because they pretty blatantly want backdoors in crypto and everything else.

    So let's not pretend it's just China doing this ... every damned government is insisting on this crap.

    And, really:

    With these new regulations, foreign companies and business groups worry that authorities may be trying to push them out of the fast-growing market. According to the Times, the groups -- which include the US Chamber of Commerce -- sent a letter Wednesday to a top-level Communist Party committee, criticizing the new policies that they say essentially amount to protectionism.

    Boo frickin' hoo. You think China gives a crap about a stern letter from the US Chamber of Commerce? Or that they care if you have access to their markets?

    Other than that's the only way they can keep expanding indefinitely, what makes corporations feel like they're entitled to be in any market?

    I'm betting a bunch of the companies involved in this collective hand-wringing are already enabling the US government to have access through other backdoors -- so don't pretend it's even more terrible when China does it.

    If America is so concerned about backdoors and exploits in Chinese made products ... make 'em yourselves.

    American companies need to stop acting like they can tell countries where they do business what they're willing to do. Suck it up, you want access to the market you play by the rules. Just like they would have to do to do business in the US.

    I hear this crap and I just hear "Waaah, how are we to make a profit if you impose rules on us, woe is us, how will be maximize executive bonuses if there are rules?"

    • I'd be equally worried that a US made device would have the NSA back doors allowing my government to spy. I think the saddest part is that I am now more threatened of my own government (and their refusal to allow privacy) than I am of foreign powers...

  • by Anonymous Coward

    Only a matter of time until the source is leaked and people can simply open up backdoor.c and have fun with that.

  • One-Way street (Score:5, Interesting)

    by Virtucon ( 127420 ) on Friday January 30, 2015 @11:32AM (#48940429)

    doing business with the PRC is a One-Way street, they'll absorb your technology, your techniques and your skills and will saturate your markets to kill off your own industries. We're in a war folks, it's time people woke up to that fact and stopped treating the Chinese Government as friendly.

  • by sirwired ( 27582 ) on Friday January 30, 2015 @11:33AM (#48940435)

    China can ask for the source, but I don't see any US firm agreeing. They certainly wouldn't care about China-only builds having back-doors; that I'm sure they'd agree to. But giving up the source? No way. If they do that, they know that the code will quickly be incorporated into products from Chinese companies and their sales will drop soon afterwards as the thieves sell their own versions for far less.

    • by khchung ( 462899 )

      China can ask for the source, but I don't see any US firm agreeing.

      Sure, that automatically disqualifies them from selling to any China banks, which means all the money that would have gone to foreign software companies now go to local Chinese software companies, thus kickstarting their growth and eventually they will grow big enough to compete outside of China.

      It would not surprise me if that was the real goal here.

  • I certainly wouldn't run any product of US origin, without its source code being public, and open to security audit. The US regime has shown itself to be a totalitarian Stasi state that tortures people, collaborates corruptly with private companies, and sponsors and supports terrorism.

  • by Anonymous Coward

    This is a matter of how can you afford not to abandon China now?

    China will steal and use your source code for their own products, they've aptly demonstrated that they don't give a single care to non-Chinese copyright and companies. Any company that builds in backdoors for the Chinese will have MASSIVE known security hole for everyone else to try and exploit, and you can confirm the backdoor because they're doing business in China.

    How exactly can you not cut China off right now unless they want their compani

  • Backdoors are there for everyone that finds them, not just those who requested them, i see major bank system hacks in the next few years.
  • Basically China is demanding that it too should get the same state-of-the-art technology that NSA already got stealthily.

  • by ErichTheRed ( 39327 ) on Friday January 30, 2015 @11:52AM (#48940593)

    OSS stuff like Linux and xBSD is already out there, and they can build their own back doors. Microsoft already gives companies and governments access to the source code for its products. I guess the mainframe providers (IBM, Fujitsu, etc.) are the only ones left that this would affect. That, and the network device manufacturers...I could definitely see Huawei getting a boost by being the only network device manufacturer allowed to sell to Chinese banks.

    I guess the question is why -- every country on earth spies on every other country and its own citizens. So, it's probably being done to boost domestic companies. One of the things that's really going to make China come out on top this century is their ability to do stuff like this...it's one of their greatest strengths. If they decide they want to do something, it's done with zero debate. Their big overarching project right now is a massive urbanization project -- just picking up millions of rural peasants and physically moving them to cities. Can you imagine the US or a European country trying something like that? It would never work, look how much people complain when a local government uses eminent domain to build a road or public works project.

    The summary is right though - companies can't ignore China. There are billions of people and a huge growing middle class, all with the full will of their government pushing through whatever is needed. There are always possible bumps in the road, but I'm assuming China will be the dominant superpower in a couple of decades just because they can make stuff happen that we can't/won't.

  • by Nyder ( 754090 ) on Friday January 30, 2015 @11:56AM (#48940625) Journal

    Write different software for China and suggest to the rest of the world that they never use the Chinese version of the software.

    Problem solved.

  • Most companies can't afford to forgo a market? That isn't even internally logically consistent. Try "Most companies are evil enough to follow along".
  • ...so that Chinese company can make the next version of the banking software
  • by WindBourne ( 631190 ) on Friday January 30, 2015 @12:47PM (#48941121) Journal
    Then if said company is selling to western banks, these should be avoided.
  • Technology companies that want to sell equipment to Chinese banks will have to submit to extensive audits, turn over source code, and build âoeback doorsâ into their hardware and software, according to a copy of the rules obtained by foreign companies already doing billions of dollar worth of business in the country.

    Sounds like the US Government's policy, and I'm not even joking.

  • If I was a company that sells banking software I have a couple of choices.

    1. Sell the same solution sold to other countries to China. Pros: Minimal changes required in existing capitalized expensed R&D and fast sales to the Chinese. Cons: Handing over source code and hence "keys to the kingdom" is a terrible mid to long-term strategy because nothing prevents China from then using how they see fit. Also the short-term shock is existing customers' in other countries will bail out at the end of contracts
  • "The bad news for us is that most companies can't afford to simply refuse the rules and write China off."

    Actually it is _very_ easy to just write of China. I've done this with unreasonable customers no matter how big they are. There are plenty of other customers who are reasonable. Just say no to totalitarianism.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The problem is Wall Street, which doesn't care whether a company is put out of business by Chinese competition next year if it makes a good profit this quarter.

  • And Their banks = Business interests?

    Isn't this similar to what happened to Lenovo a while ago?
  • America covertly does it and China overtly does it.

Each new user of a new system uncovers a new class of bugs. -- Kernighan

Working...